package com.roc.admin.infrastructure.mybatisplus;

import com.baomidou.mybatisplus.extension.plugins.handler.DataPermissionHandler;
import com.baomidou.mybatisplus.extension.plugins.inner.DataPermissionInterceptor;
import jakarta.servlet.http.HttpServletRequest;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.schema.Table;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import java.util.Set;

/**
 * MyBatis Plus数据权限处理器
 * 用于实现RBAC中的数据权限过滤
 */
@Component
public class CustomDataPermissionHandler implements DataPermissionHandler {

//    @Override
//    public Expression getSqlSegment(Table table, Expression where, String mappedStatementId) {
//        // 获取当前请求
//        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
//        if (attributes == null) {
//            return where;
//        }
//
//        HttpServletRequest request = attributes.getRequest();
//
//        // 获取数据权限标识
//        Long userId = (Long) request.getAttribute("DATA_PERMISSION_USER_ID");
//        Long deptId = (Long) request.getAttribute("DATA_PERMISSION_DEPT_ID");
//        Set<String> permissions = (Set<String>) request.getAttribute("DATA_PERMISSION_PERMISSIONS");
//
//        if (userId == null || permissions == null) {
//            return where;
//        }
//
//        // 判断是否有全部数据权限
//        if (permissions.contains("*:*:*") || permissions.contains("admin")) {
//            return where;
//        }
//
//        // 根据表名添加不同的数据权限条件
//        String tableName = table.getName();
//
//        if ("sys_user".equalsIgnoreCase(tableName)) {
//            // 用户表数据权限：本部门数据
//            EqualsTo deptEquals = new EqualsTo();
//            deptEquals.setLeftExpression(new Column(table, "dept_id"));
//            deptEquals.setRightExpression(new net.sf.jsqlparser.expression.LongValue(deptId));
//
//            return where == null ? deptEquals : new AndExpression(where, deptEquals);
//        } else if ("sys_role".equalsIgnoreCase(tableName)) {
//            // 角色表数据权限：本人创建的角色
//            EqualsTo createByEquals = new EqualsTo();
//            createByEquals.setLeftExpression(new Column(table, "create_by"));
//            createByEquals.setRightExpression(new net.sf.jsqlparser.expression.StringValue(userId.toString()));
//
//            return where == null ? createByEquals : new AndExpression(where, createByEquals);
//        } else if ("sys_dept".equalsIgnoreCase(tableName)) {
//            // 部门表数据权限：本部门及子部门
//            // 实际项目中可能需要更复杂的查询，这里简化处理
//            EqualsTo deptEquals = new EqualsTo();
//            deptEquals.setLeftExpression(new Column(table, "id"));
//            deptEquals.setRightExpression(new net.sf.jsqlparser.expression.LongValue(deptId));
//
//            return where == null ? deptEquals : new AndExpression(where, deptEquals);
//        }
//
//        return where;
//    }

    @Override
    public Expression getSqlSegment(Expression where, String mappedStatementId) {
        // 获取当前请求
        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            return where;
        }

        HttpServletRequest request = attributes.getRequest();

        // 获取数据权限标识
        Long userId = (Long) request.getAttribute("DATA_PERMISSION_USER_ID");
        Long deptId = (Long) request.getAttribute("DATA_PERMISSION_DEPT_ID");
        Set<String> permissions = (Set<String>) request.getAttribute("DATA_PERMISSION_PERMISSIONS");

        if (userId == null || permissions == null) {
            return where;
        }

        // 判断是否有全部数据权限
        if (permissions.contains("*:*:*") || permissions.contains("admin")) {
            return where;
        }

        // todo 根据表名添加不同的数据权限条件
        Table table = new Table("sys_user");

        // 根据表名添加不同的数据权限条件
        String tableName = table.getName();

        if ("sys_user".equalsIgnoreCase(tableName)) {
            // 用户表数据权限：本部门数据
            EqualsTo deptEquals = new EqualsTo();
            deptEquals.setLeftExpression(new Column(table, "dept_id"));
            deptEquals.setRightExpression(new net.sf.jsqlparser.expression.LongValue(deptId));

            return where == null ? deptEquals : new AndExpression(where, deptEquals);
        } else if ("sys_role".equalsIgnoreCase(tableName)) {
            // 角色表数据权限：本人创建的角色
            EqualsTo createByEquals = new EqualsTo();
            createByEquals.setLeftExpression(new Column(table, "create_by"));
            createByEquals.setRightExpression(new net.sf.jsqlparser.expression.StringValue(userId.toString()));

            return where == null ? createByEquals : new AndExpression(where, createByEquals);
        } else if ("sys_dept".equalsIgnoreCase(tableName)) {
            // 部门表数据权限：本部门及子部门
            // 实际项目中可能需要更复杂的查询，这里简化处理
            EqualsTo deptEquals = new EqualsTo();
            deptEquals.setLeftExpression(new Column(table, "id"));
            deptEquals.setRightExpression(new net.sf.jsqlparser.expression.LongValue(deptId));

            return where == null ? deptEquals : new AndExpression(where, deptEquals);
        }

        return where;
    }
}
